Experts say as few as 12 different China-based groups carry out the bulk of attacks on US companies and government agencies.
US needs to do more to deter Chinese hackers
WASHINGTON // As few as 12 different Chinese groups, largely backed or directed by the government there, carry out the bulk of the China-based cyber-attacks stealing critical data from US companies and government agencies, according to US cybersecurity analysts and experts.
The attacks, which steal billions of dollars' worth of intellectual property and data, often carry distinct signatures that allow US officials to link them to particular hacker teams. Analysts say the US often gives the attackers unique names or numbers, and at times can tell where the hackers are and even who they may be.
Sketched out by analysts who have worked with US companies and the government on computer intrusions, the details illuminate recent claims by American intelligence officials about the escalating cyber threat emanating from China. And the widening expanse of targets, coupled with the expensive and sensitive technologies they are losing, is putting increased pressure on the US to take a much harder stand against China.
It is largely impossible for the US to prosecute hackers in China, since prosecution requires reciprocal agreements between the two countries, and it is always difficult to provide ironclad proof that the hacking came from specific people.
Several analysts described the Chinese attacks, speaking on condition of anonymity. China has routinely rejected allegations of cyberspying and says it also is a target.
"Industry is already feeling that they are at war," said James Cartwright, a retired Marine general and former vice chairman of the Joint Chiefs of Staff.
An expert on cyber issues, Gen Cartwright has come out strongly in favour of increased US efforts to hold China and other countries accountable for the cyber-attacks that come from within their borders.
Cyber experts agree, and say that companies are frustrated that the government is not doing enough to pressure China to stop the attacks or go after hackers in that country.
Much like during the Cold War with Russia, officials say the US needs to make it clear that there will be repercussions for cyber-attacks.
The government "needs to do more to increase the risk," said Jon Ramsey, head of the counter threat unit at the Atlanta-based Dell SecureWorks, a computer security consulting company. "In the private sector we're always on defence. We can't do something about it, but someone has to. There is no deterrent not to attack the US."
Cyber-attacks originating in China have been a problem for years, but until a decade or so ago, analysts say, the probes focused mainly on the US government - a generally acknowledged intelligence-gathering activity similar to Americans and Russians spying on each other during the Cold War.
But in the last 10 to 15 years, the attacks have gradually broadened to target defence companies, and then other critical industries including those in energy, finance and other sectors.
Hackers in China have different digital fingerprints, often visible in the computer code they use or in the command-and-control servers through which they route their malicious software's traffic, Mr Ramsey and other cyber analysts say.
US government officials have been reluctant to tie the attacks directly to the Chinese government, but analysts and officials say they have tracked enough intrusions to specific locations to be confident they are linked to Beijing - either the government or the military. They add that they can sometimes glean who benefited from a particular stolen technology.
One of the analysts said investigations show that the dozen or so Chinese teams appear to get orders to go after specific technologies or companies within a particular industry. At times, two or more of the teams appear to get the same shopping list, and compete to be the first to get it, or the one with the greatest haul.
Analysts and US officials agree that a majority of the cyber-attacks seeking intellectual property or other sensitive or classified data are carried out by China-based hackers. Many of the cyber-attacks stealing credit card or financial information come from Eastern Europe or Russia.
According to experts, the malicious software and high-tech tools used by the Chinese have not become much more sophisticated in recent years. But the threat is persistent, with attackers often burying malware deep in computer networks so it can be used again and again over the course of several months or even years.
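The "digital fingerprints" the analysts describe - shared command-and-control servers and reused malware code - are what lets investigators group separate intrusions into a dozen or so teams, and the long reuse of the same malware is what makes the threat persistent. The following is an added example, not code from the article or from any of the firms quoted in it: it clusters a handful of constructed intrusion records by shared indicators, and measures how long each indicator stayed in use. The record format, the intrusion IDs, the addresses and the hashes are all invented for illustration.

```python
"""Group intrusions by shared C2 hosts and code hashes, and measure indicator reuse.

Added illustrative example. All intrusion records below are constructed;
they are not real incidents, addresses or malware hashes.
"""
from collections import defaultdict
from datetime import date

# Constructed sample: one record per intrusion, with the date it was first seen,
# the command-and-control hosts observed, and the hashes of the malware used.
INTRUSIONS = [
    {"id": "INC-1", "seen": date(2010, 3, 2),   "c2": {"203.0.113.5"},                  "code": {"sha256:1111"}},
    {"id": "INC-2", "seen": date(2010, 11, 15), "c2": {"203.0.113.5", "c2.example.net"}, "code": {"sha256:2222"}},
    {"id": "INC-3", "seen": date(2012, 6, 1),   "c2": {"198.51.100.9"},                 "code": {"sha256:2222"}},
    {"id": "INC-4", "seen": date(2011, 1, 20),  "c2": {"192.0.2.77"},                   "code": {"sha256:3333"}},
    {"id": "INC-5", "seen": date(2011, 9, 30),  "c2": {"192.0.2.77"},                   "code": {"sha256:4444"}},
    {"id": "INC-6", "seen": date(2012, 2, 14),  "c2": {"198.51.100.200"},               "code": {"sha256:5555"}},
]


def indicators(record):
    """All attributable indicators of one intrusion: C2 hosts plus code hashes."""
    return record["c2"] | record["code"]


def cluster_by_shared_indicators(records):
    """Union-find over intrusions: any two that share a C2 host or a code hash
    land in the same cluster, and clusters chain transitively (A~B, B~C => A~B~C).
    Returns a sorted list of sorted intrusion-id lists, one per candidate team."""
    parent = {r["id"]: r["id"] for r in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    first_owner = {}  # indicator -> first intrusion id that exhibited it
    for r in records:
        for ind in indicators(r):
            if ind in first_owner:
                union(first_owner[ind], r["id"])
            else:
                first_owner[ind] = r["id"]

    groups = defaultdict(list)
    for r in records:
        groups[find(r["id"])].append(r["id"])
    return sorted(sorted(g) for g in groups.values())


def indicator_reuse_days(records):
    """For each indicator, the number of days between its earliest and latest
    sighting across all intrusions. Zero means it was seen in one intrusion only;
    large values are the months-or-years reuse the analysts describe."""
    sightings = defaultdict(list)
    for r in records:
        for ind in indicators(r):
            sightings[ind].append(r["seen"])
    return {ind: (max(d) - min(d)).days for ind, d in sightings.items()}


if __name__ == "__main__":
    for team, members in enumerate(cluster_by_shared_indicators(INTRUSIONS), 1):
        print(f"candidate team {team}: {', '.join(members)}")
    for ind, days in sorted(indicator_reuse_days(INTRUSIONS).items()):
        if days:
            print(f"{ind} reused over {days} days")
```

Run on the sample, the code links INC-1 and INC-2 through the shared server, INC-2 and INC-3 through the shared malware hash, and INC-4 and INC-5 through another server, leaving INC-6 on its own; the hash shared by INC-2 and INC-3 stays in use for well over a year. One caveat a practitioner would add: a shared host is only evidence, not proof, because attackers can rent the same bulletproof hosting or route through the same compromised relays, which is one reason the article notes ironclad attribution to specific people is so hard.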